forked from rpms/openssh
Fix GSSAPI Key Exchange for older clients (#1323622)
Failed with older clients, because server was doing signature over different data than the verifying client. It was caused by bump of minimal DH groups offered by server and a bug in code, which was using max(client_min, server_min) instead of client_min as proposed by RFC4462.
This commit is contained in:
parent
bda184b249
commit
fc0cf7f8d5
@ -2739,3 +2739,41 @@ diff -up openssh-7.2p1/sshkey.h.gsskex openssh-7.2p1/sshkey.h
|
|||||||
KEY_UNSPEC
|
KEY_UNSPEC
|
||||||
};
|
};
|
||||||
|
|
||||||
|
diff --git a/kexgsss.c b/kexgsss.c
|
||||||
|
index b2f9658..2d33ff7 100644
|
||||||
|
--- a/kexgsss.c
|
||||||
|
+++ b/kexgsss.c
|
||||||
|
@@ -69,6 +69,7 @@ kexgss_server(struct ssh *ssh)
|
||||||
|
u_char *kbuf;
|
||||||
|
DH *dh;
|
||||||
|
int min = -1, max = -1, nbits = -1;
|
||||||
|
+ int cmin = -1, cmax = -1; /* client proposal */
|
||||||
|
BIGNUM *shared_secret = NULL;
|
||||||
|
BIGNUM *dh_client_pub = NULL;
|
||||||
|
int type = 0;
|
||||||
|
@@ -107,11 +108,12 @@ kexgss_server(struct ssh *ssh)
|
||||||
|
case KEX_GSS_GEX_SHA1:
|
||||||
|
debug("Doing group exchange");
|
||||||
|
packet_read_expect(SSH2_MSG_KEXGSS_GROUPREQ);
|
||||||
|
- min = packet_get_int();
|
||||||
|
+ /* store client proposal to provide valid signature */
|
||||||
|
+ cmin = packet_get_int();
|
||||||
|
nbits = packet_get_int();
|
||||||
|
- max = packet_get_int();
|
||||||
|
- min = MAX(DH_GRP_MIN, min);
|
||||||
|
- max = MIN(DH_GRP_MAX, max);
|
||||||
|
+ cmax = packet_get_int();
|
||||||
|
+ min = MAX(DH_GRP_MIN, cmin);
|
||||||
|
+ max = MIN(DH_GRP_MAX, cmax);
|
||||||
|
packet_check_eom();
|
||||||
|
if (max < min || nbits < min || max < nbits)
|
||||||
|
fatal("GSS_GEX, bad parameters: %d !< %d !< %d",
|
||||||
|
@@ -234,7 +236,7 @@ kexgss_server(struct ssh *ssh)
|
||||||
|
buffer_ptr(ssh->kex->peer), buffer_len(ssh->kex->peer),
|
||||||
|
buffer_ptr(ssh->kex->my), buffer_len(ssh->kex->my),
|
||||||
|
NULL, 0,
|
||||||
|
- min, nbits, max,
|
||||||
|
+ cmin, nbits, cmax,
|
||||||
|
dh->p, dh->g,
|
||||||
|
dh_client_pub,
|
||||||
|
dh->pub_key,
|
||||||
|
Loading…
Reference in New Issue
Block a user